ECURE 2002
HIPAA and FERPA (or, Is Your HIPAA Eating Your FERPA?)
C.W. Goldsmith, The University of Texas System
Comparison of FERPA and HIPAA
• History of FERPA and HIPAA
• Administrative Rule versus Law
• What’s Covered?
• What are the Penalties?
• Similarities
• Coping Strategies
• Who’s Not Covered?
• Opportunity
History
Why FERPA?
• 1960s Berkeley Free Speech
• Loss of in loco parentis
• 1974 FERPA (Buckley) in Response to Abuse
Why HIPAA?
• 1996 Failure to Leverage Technology to Reduce Costs
Difference Between Administrative Rule and Law
• Rule Offers More, Less Formal Steps to Discover Problems/Answers to Resolve Issues/Complaints Before Going to Court
• HIPAA is Both
• Enforcement Through the Office of Civil Rights
• FERPA is Both
What’s Covered?
FERPA
• Education Records/Privacy
HIPAA
• Code Sets
• Privacy
• Security
• Identifiers
Implementation Dates
FERPA
• 1974
HIPAA
• Code Sets – October 16, 2002
• Privacy – April 14, 2003
• Security –
• Identifiers – ??
What are the Penalties?
FERPA Penalties
• Institutional Sanctions
• Loss of Federal Funding
HIPAA Penalties
• Security: A Maximum of $25,000
• Privacy:
  • Intent: to $50,000, one year in jail
  • False pretenses: $100,000, 5 years jail
  • Commercial or personal gain: $250,000, 10 years jail
What are the Penalties?
FERPA Penalties
• No right of personal action, Civil Rights Cause of Action May Exist Against Public Institutions
HIPAA Penalties
• Transactions/codes/identifiers: $100 per incident/up to $25,000 per year per standard
Any Similarities?
FERPA
• Directory Information opt out
HIPAA
• Directory Information opt in
What does HIPAA say about FERPA?
• HIPAA says FERPA is to be followed for student medical records
• FERPA says student medical records are not covered
• HIPAA says a medical record seen by anyone other than a physician/nurse is an education record and must be handled accordingly
Coping Strategies
FERPA
• Culture and education
• History
HIPAA
• Use HIPAA to Refresh Campus Understanding of FERPA
• Compliance and Federal Sentencing Guidelines
• Encourage Training Everyone(!)
• UAB Committee Structure
UAB HIPAA Steering Committee
• Clair Goldsmith, PhD; Lucy Hicks, JD; Joan Lorden, PhD; Michael R. Waldrum, MD
• Advisory Staff: J Hicks; J Piazza, JD; T Tatum, JD
• Technical Advisory: Don Fast; Landy Manderson
[Organization chart: groups under the steering committee, each with EDI, Privacy, Security, and Identifiers subgroups. Box labels in extraction order: UAB Clinics; Employees; Research; HSIS / Children's; Students; Tusc / Huntsville Clinics; Roger McCullough; All UAB Campus and affiliated; Viva / VA; William Fulcher, MD; Allen Bolton; Training/Insurance; William Grizzle, MD, PhD; Amanda Dorsey; Huntsville / Tusc?; All Campus and Huntsville Tusc]
Communities Not Covered by FERPA and HIPAA
• Human Research Subjects in Other Disciplines
  • Psychology, Education
• IRB Responsibility/Waiver
• What is Done With Personally Identifiable Research Information when Investigator Leaves the Institution?
Conclusion
FERPA and HIPAA Are Great Platforms for the Exercise of Leadership in Protecting Privacy of Individuals
But… Why hasn’t Higher Education Taken a Stronger Role in the use of Technology to Protect Privacy?
http://www.educause.edu/pub/er/erm01/erm015w.html
email: cgoldsmith@utsystem.edu